Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-10168

CassandraAuthorizer.authorize must throw exception when lookup of any auth table fails

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Fix Version/s: 2.1.9, 2.2.1, 3.0 beta 2
    • Component/s: None
    • Labels:
      None
    • Severity:
      Normal

      Description

      The PermissionCache is refreshed in the background every permissions_update_interval_in_ms by looking up cassandra tables. This background refresher assumes the called methods to throw exception on cassandra failures. In such cases, it just serves the stale entry until the next refresh happens.

      CassandraAuthorizer.authorize is throwing exception when it fails to lookup system_auth.users table. However when lookup on system_auth.permissions table fails, it swallows the exception and returns PERMISSION.NONE. In that case, the cache thinks that permission was revoked for the user until the next refresh succeeds. All the requests to that user on that cassandra instance fail incorrectly till the next refresh succeeds. This is bad.

      CassandraAuthorizer.authorize must throw exception when lookup of any auth table fails.

      I have attached a patch for cassandra 2.0 branch.

        Attachments

        1. authorizer.patch
          0.7 kB
          Vishy Kasar

          Activity

            People

            • Assignee:
              vkasar Vishy Kasar
              Reporter:
              vkasar Vishy Kasar
              Authors:
              Vishy Kasar
              Reviewers:
              Sankalp Kohli
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: